• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Could this be malware?

Recommended Posts

devnulllore    33

Ok well now I am just concerned about the browser I use. I use the latest version of chrome. How safe is Chrome in these circumstances? 

Share this post


Link to post
Share on other sites
+BudMan    3,537

What does your browser have to do with a site being compromised and the sites incompetence at correctly securing their users passwords/info?

 

Nothing you do or run on your end has anything to do with that... You could use a 120 character complex password, doesn't matter if the site stores it in the clear, or in a easy to reverse hash in their DB, and that DB is gotten by someone.

 

The one thing you can do to help mitigate issues when that happens is use different passwords for each site.

edit: Also the other thing you could do is enable 2FA.. So even of the info is compromised - they would also need to be able to do the 2FA.. That is not fullproof either, but it can help - depending on the MFA the site has enabled and how they have it implemented, etc.

Share this post


Link to post
Share on other sites
devnulllore    33
Posted (edited)

Because the email said I went to a compromised web site and that's how they got my info I don't know how it works and next time I should update my browser.

Share this post


Link to post
Share on other sites
+BudMan    3,537

What does what browser you used to create a website account have to do with the site being compromised?  Use whatever browser you want that makes you happy..  You could of been using any browser, Doesn't matter how you got there or how you put the info into the sites db... Once the db has been compromised, if not properly secured by the site owner.. Then your info would be available to the people who gained access to the DB..

 

What the email said, and what is actually true are normally light years apart ;)

 

Post up this email - so we can see what it says... My guess its a cookie cutter spam/scam email that form filled in the info they got from whatever site was compromised.  That had your info in it - any of the 30 of them it seems.  Or it could of been from one that is not yet "known" to have been compromised.

Share this post


Link to post
Share on other sites
devnulllore    33

Ok, give me a little while and I will post the email.

Share this post


Link to post
Share on other sites
devnulllore    33

This is the email in it's entirety:

 

Hey, I know your password is: (edited out)

Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

I can send the video to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are, I can publish all I found on your computer everywhere!

Only you can prevent me from doing this and only I can help you out in this situation.

Transfer exactly 1400$ with the current bitcoin (BTC) price to my bitcoin address.

It's a very good offer, compared to all that horrible ###### that will happen if I publish everything.

You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.

My bitcoin address is: 14qd4cN3HZ2ErMddV6QmWvE7mVUcGSBh1X

Copy and paste my address, it's (cAsE-sEnSEtiVE)

I give you 2 days time to transfer the bitcoin.

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.

Next time update your browser before browsing the web.

Mail-Client-ID: 4483923502

Share this post


Link to post
Share on other sites
SnoopZ    261
Posted (edited)
1 hour ago, adrynalyne said:

Ditto. 

I also can't see them.

1 hour ago, devnulllore said:

Ok I checked the  https://haveibeenpwned.com/  site and it says I have been compromised by over 30 sites and they want me to buy a password program. What can I do now? Should I notify my service provider?

Most people are getting flagged up there with something.

 

Off topic i use Lastpass.

Edited by SnoopZ

Share this post


Link to post
Share on other sites
Jim K    13,496
1 hour ago, devnulllore said:

This is the email in it's entirety:

 

Hey, I know your password is: (edited out)

Your computer was infected with my malware, RAT (Remote Administration Tool), your browser wasn't updated / patched, in such case it's enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more - Google: "Drive-by exploit".

My malware gave me full access and control over your computer, meaning, I got access to all your accounts (see password above) and I can see everything on your screen, turn on your camera or microphone and you won't even notice about it.

I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF!

After that I removed my malware to not leave any traces.

I can send the video to all your contacts, post it on social network, publish it on the whole web, including the darknet, where the sick people are, I can publish all I found on your computer everywhere!

Only you can prevent me from doing this and only I can help you out in this situation.

Transfer exactly 1400$ with the current bitcoin (BTC) price to my bitcoin address.

It's a very good offer, compared to all that horrible ###### that will happen if I publish everything.

You can easily buy bitcoin here: www.paxful.com , www.coingate.com , www.coinbase.com , or check for bitcoin ATM near you, or Google for other exchanger.
You can send the bitcoin directly to my address, or create your own wallet first here: www.login.blockchain.com/en/#/signup/ , then receive and send to mine.

My bitcoin address is: 14qd4cN3HZ2ErMddV6QmWvE7mVUcGSBh1X

Copy and paste my address, it's (cAsE-sEnSEtiVE)

I give you 2 days time to transfer the bitcoin.

As I got access to this email account, I will know if this email has already been read.
If you get this email multiple times, it's to make sure that you read it, my mailer script is configured like this and after payment you can ignore it.
After receiving the payment, I will remove everything and you can life your live in peace like before.

Next time update your browser before browsing the web.

Mail-Client-ID: 4483923502

The email is bull...they got your password from one of the data breaches (beyond your control) ... not from the method they wrote in the email. 

 

Just change your passwords to sites that have been compromised ... and don't use passwords that have been compromised (such as the one you "edited out" ... why are still using that one?)  

Share this post


Link to post
Share on other sites
eddman    369
Posted (edited)
3 hours ago, devnulllore said:

Ok well now I am just concerned about the browser I use. I use the latest version of chrome. How safe is Chrome in these circumstances? 

They didn't hack you; they almost certainly got the email and password from one of the hacked websites that you had signed up with.

 

As for your main issue (I haven't read all the comments): Take an HDD or SSD, backup anything important that is on it, now disconnect all the other ones, start a fresh windows installation (do not use a backup image), at the partition selection prompt delete all the partitions and then create new ones and install windows.

 

After the installation is done, do not attach any other internal or external drives, USB flash drives, etc. Once you boot into windows, download all the required drivers from scratch and install them. Update windows if you want to. Do not install any third-party software yet.

 

Now use your computer a bit, browse websites with edge. If it looks good download steam and install a game or two and see if it stutters.

 

If it does, then either one of the latest windows updates or drivers are causing an issue or your hardware is going bad; might even be a mainboard issue as one of the posters mentioned.

 

If it doesn't stutter, then gradually download and install the software that you usually use. Check your PC for stutters regularly. You need to find what triggers the stutter so don't install all the software in one go. (Make sure to download them; do not use any setup files that you already have on your drives.)

 

If after installing everything it still doesn't stutter, connect the other drives and check again. Tell us how it goes.

 

P.S. I know; it's a bit of a pain to spend so much time doing all that but sometimes you need to go with small steps and check as many variables as you can.

Edited by eddman

Share this post


Link to post
Share on other sites
+BudMan    3,537

Dude those words are exact from the article I linked too about this sort of nonsense

"I collected all your private data and I RECORDED YOU (through your webcam) SATISFYING YOURSELF"

 

It's spam/scam garbage - deleted it an move on..

https://malwaretips.com/resources/i-infected-you-with-my-private-malware-rat-fake-blackmail-scam.277/

 

If your email was on 30 different sites that have been compromised - then yes I would adopt better password policies..

"Use different passwords for each site"

If you can do that on your own - great, if not look to password tools, many of which are free.. I am currently just using the lastpass free option.

Which will make it easier for you to use different passwords for each site, and complex ones.

 

edit:  I am a bit surprised your email host didn't block that as spam anyway.

Share this post


Link to post
Share on other sites
devnulllore    33

Hi, I went back and changed as many passwords as I could ever remember but there is news. I have a buddy of mine I used to work with at RCN with who is a security expert. He came over and used a some sort of Linux boot disk to log into my PC. He said there were 2 instances of a RAT, some sort of Remote Access Trojan and he had to reinstall windows again to be safe. I told him my nephew uses my computer once or twice a week and he admitted he browses some porn sites, some he knows get blocked occasionally, but he circumvents the blockage and goes there anyway. Well If this is real or not I will find out soon enough. I will just be vigilant about the sites he goes to from now on. He also suggest I use an encrypted password manager like Lastpass does anyone use that? Is it good and safe? I trust my buddy but I also trust you all implicitly. Thanks again for all the help but just a side note. The windows lag is still there but I since the reinstall I am no longer crashing every 5 minutes. One thing my buddy notice is when the lag happens Windows Explorer pegs my CPU usage, and memory usage maxes out so it could not have been the Trojan that was causing the lag. I think I am going to have to open my PC and do a complete overhaul ie.. reseating all my cards, checking cables and overall cleaning out the system. I will report back after I do this.

Share this post


Link to post
Share on other sites
devnulllore    33

A little off topic but, I use Iobit Smart Defrag for my conventional drives and I noticed my anti-virus software, Eset, claims it's a PUP. Is Iobit software safe to install?

Share this post


Link to post
Share on other sites
SnoopZ    261
Posted (edited)
8 minutes ago, devnulllore said:

Hi, I went back and changed as many passwords as I could ever remember but there is news. I have a buddy of mine I used to work with at RCN with who is a security expert. He came over and used a some sort of Linux boot disk to log into my PC. He said there were 2 instances of a RAT, some sort of Remote Access Trojan and he had to reinstall windows again to be safe. I told him my nephew uses my computer once or twice a week and he admitted he browses some porn sites, some he knows get blocked occasionally, but he circumvents the blockage and goes there anyway. Well If this is real or not I will find out soon enough. I will just be vigilant about the sites he goes to from now on. He also suggest I use an encrypted password manager like Lastpass does anyone use that? Is it good and safe? I trust my buddy but I also trust you all implicitly. Thanks again for all the help but just a side note. The windows lag is still there but I since the reinstall I am no longer crashing every 5 minutes. One thing my buddy notice is when the lag happens Windows Explorer pegs my CPU usage, and memory usage maxes out so it could not have been the Trojan that was causing the lag. I think I am going to have to open my PC and do a complete overhaul ie.. reseating all my cards, checking cables and overall cleaning out the system. I will report back after I do this.

Lastpass is awesome a few people in this thread have said they use this a few posts back,give it a try and also setup 2fa on your mobile phone with it.

Share this post


Link to post
Share on other sites
+BudMan    3,537
33 minutes ago, devnulllore said:

He said there were 2 instances of a RAT, some sort of Remote Access Trojan

And which ones were they exactly?

Share this post


Link to post
Share on other sites
devnulllore    33

He did not specify. I will ask him next time I speak with him. He did say they were the most common ones he's seen.

Share this post


Link to post
Share on other sites
+BudMan    3,537

Well its very odd - because your email stated that he removed his RAT ;)

Quote

After that I removed my malware to not leave any traces.

 

 

Share this post


Link to post
Share on other sites
devnulllore    33
Just now, BudMan said:

Well its very odd - because your email stated that he removed his RAT ;)

 

Right but my buddy says they always leave traces but can only be picked up through a boot environment other than Windows. I am not familiar with Linux too much.

Share this post


Link to post
Share on other sites
+BudMan    3,537

Dude it was a JOKE ;)  that you actually think that scam/spam email was legit is funny to be honest.

 

Do you even have a webcam?

Share this post


Link to post
Share on other sites
devnulllore    33
Posted (edited)

Yes I have a web cam and since I use Cortana it's always on. Good then and I really hope your right. I am however happy that at least I took some precautions.

Share this post


Link to post
Share on other sites
devnulllore    33

So does anyone use Smartdefrag for their conventional drives? I tried to install it but Eset keeps blocking it saying it's a PUP. Any thoughts?

  • Like 1

Share this post


Link to post
Share on other sites
+warwagon    13,125

I would still test the ram just to be on the safe side, I would also download a Linux distro or a Windows 10 PE and run it off a flash drive to see if you experience any of the freezes. This way you can rule out your entire windows 10 install instantly.

Share this post


Link to post
Share on other sites
+BudMan    3,537

So esat stops you from running smartdefrag... but didn't help you with your rat infection ;)

 

Exclude it from your detection if you want it... But there is really zero use for that software... The built in defrag is more then sufficient... Maybe if you would stop installing every piece of software under the sun on your so called "clean" installs you could actually figure out what is causing your problem ;)

Share this post


Link to post
Share on other sites
devnulllore    33
1 hour ago, warwagon said:

I would still test the ram just to be on the safe side, I would also download a Linux distro or a Windows 10 PE and run it off a flash drive to see if you experience any of the freezes. This way you can rule out your entire windows 10 install instantly.

Okie will do. Thanks

Share this post


Link to post
Share on other sites
sc302    1,736

It would help more to break down the explorer.exe process and find out if it is the same process/dll causing your issue or if it is constantly changing.  Explorer.exe can call 1,000,000 other processes.  Task manager only reports on the main process.  You need to drill down further with resource monitor or process explorer.

 

Your computer is basically your patient, and you are the doctor.  Your patient told you it hurt in it's stomach....you need other tools to be able to dig into its stomach to see what the actual issue is.  You obviously can't remove the patients abdomen to stop your patient from hurting, you would kill them if you did.  What are you going to use to investigate further, or are you going to keep stuffing it with medication in hopes that the pain goes away or continuing to misdiagnose it?  Or chasing the maybes or could-be's from other doctors who have never seen this exact issue before but know that something like this has happened but their patient was just about dead vs your patient that isn't dead, is still breathing and functioning normally...

Share this post


Link to post
Share on other sites
+warwagon    13,125
3 minutes ago, sc302 said:

It would help more to break down the explorer.exe process and find out if it is the same process/dll causing your issue or if it is constantly changing.  Explorer.exe can call 1,000,000 other processes.  Task manager only reports on the main process.  You need to drill down further with resource monitor or process explorer.

Good point. He may all want to take a look at shellview .. I created a thread about it back in the windows 8 days, because there was a shell hook Nvidia was using which was causing a freeze on every right click. I use d this program to disable it.

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.